CN117220859A - Key migration method, device, equipment and storage medium - Google Patents

Key migration method, device, equipment and storage medium

Publication number
CN117220859A
Authority
CN
China
Prior art keywords
key
backup
encrypted
local
solid state
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311166850.4A
Other languages
Chinese (zh)
Inventor
崔佳宁
尹作刚
张琪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Original Assignee
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Application filed by Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Priority to CN202311166850.4A
Publication of CN117220859A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data processing and discloses a key migration method, device, equipment and storage medium. The key migration method comprises the following steps: acquiring a backup digital certificate of a backup encrypted solid state disk and a local digital certificate of a local encrypted solid state disk; encrypting a symmetric key and an integrity authentication key generated by the local encrypted solid state disk based on the backup digital certificate to obtain encrypted data; signing the encrypted data based on the local digital certificate to obtain signature data; sending the encrypted data, the signature data and the local digital certificate to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result; and, when the decryption result is the same as the encrypted data, encrypting the key information to be migrated in the local encrypted solid state disk with the symmetric key and transmitting it to the backup encrypted solid state disk. The invention can ensure the security and the integrity of key migration.

Description

Key migration method, device, equipment and storage medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a key migration method, device, equipment, and storage medium.
Background
A self-encrypting solid state disk does not depend on an external encryption device; it encrypts and decrypts the disk data through a high-speed cryptographic algorithm module in the disk controller. When the solid state disk reaches the end of its service life, or the user data in it must for other reasons be copied and transferred to another solid state disk with a self-encryption function, a common method is for a host that has passed security authentication to read the plaintext user data from the solid state disk and write it to a backup solid state disk, which then encrypts and stores the user data using a key that it generates itself.
Disclosure of Invention
In view of this, the invention provides a key migration method, device, equipment and storage medium, so as to solve the problem that information is easily leaked when an existing self-encrypting solid state disk remotely transmits user data to another solid state disk with a self-encryption function.
In a first aspect, the present invention provides a key migration method, the method comprising: acquiring a backup digital certificate of a backup encrypted solid state disk and a local digital certificate of a local encrypted solid state disk; encrypting a symmetric key and an integrity authentication key generated by the local encrypted solid state disk based on the backup digital certificate to obtain encrypted data; signing the encrypted data based on the local digital certificate to obtain signature data; sending the encrypted data, the signature data and the local digital certificate to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result; and, when the decryption result is the same as the encrypted data, encrypting the key information to be migrated in the local encrypted solid state disk with the symmetric key and transmitting it to the backup encrypted solid state disk. Through this process, the security and integrity of key migration can be ensured. When user data is copied and migrated between self-encrypting solid state disks, there is no need to decrypt and read out a large amount of ciphertext user data, encrypt it again for protected transmission, and then, on receipt, decrypt it, write it to the solid state disk and have the solid state disk encrypt it for storage; only the user data ciphertext needs to be copied and migrated directly, which saves a series of cumbersome encryption and decryption operations on a large amount of user data.
In some optional embodiments, encrypting the symmetric key and the integrity authentication key generated by the local encrypted solid state disk based on the backup digital certificate to obtain encrypted data includes:
verifying the backup digital certificate based on the local digital certificate;
when the backup digital certificate passes the verification, using two random numbers of fixed byte length, randomly generated by the local encrypted solid state disk, as the symmetric key and the integrity authentication key respectively;
and encrypting the symmetric key and the integrity authentication key based on the backup digital certificate to obtain encrypted data.
In some alternative embodiments, decrypting the decryption result from the signature data based on the local digital certificate includes:
verifying the local digital certificate based on the backup digital certificate;
and when the local digital certificate passes the verification, decrypting the signature data based on the local digital certificate to obtain a decryption result.
In some alternative embodiments, determining that the decryption result is the same as the encrypted data includes:
obtaining a decryption symmetric key and a decryption integrity authentication key in a decryption result;
encrypting the decryption integrity authentication key through the decryption symmetric key to obtain integrity authentication data;
decrypting the integrity authentication data based on the symmetric key to obtain a decrypted integrity authentication key;
and comparing the decryption integrity authentication key with the integrity authentication key, and determining that the decryption result is identical to the encrypted data based on the comparison result.
In some alternative embodiments, determining that the decryption result is the same as the encrypted data based on the comparison result includes:
acquiring a first key value corresponding to an integrity authentication key;
calculating the content limited by the decryption integrity authentication key to obtain a second key value, and comparing the second key value with the first key value;
if the second key value is the same as the first key value, determining that the decryption result is the same as the encrypted data.
In some alternative embodiments, verifying the backup digital certificate based on the local digital certificate includes:
obtaining a local target public key corresponding to the local digital certificate and backup signature information carried in the backup digital certificate, wherein the backup signature information is obtained by signing a backup public key with a backup target private key in the backup encrypted solid state disk;
verifying the backup signature information based on the local target public key;
the second signature information is signed based on the first public key.
In some alternative embodiments, verifying the local digital certificate based on the backup digital certificate includes:
obtaining a backup target public key corresponding to the backup digital certificate and local signature information carried in the local digital certificate, wherein the local signature information is obtained by signing a local public key with a local target private key in the local encrypted solid state disk;
and verifying the local signature information based on the backup target public key.
In a second aspect, the present invention provides a key migration apparatus, the apparatus mainly comprising a certificate acquisition module, a key encryption module, a data signing module, a data decryption module and a key migration module. The certificate acquisition module is used for acquiring a backup digital certificate of the backup encrypted solid state disk and a local digital certificate of the local encrypted solid state disk; the key encryption module is used for encrypting a symmetric key and an integrity authentication key generated by the local encrypted solid state disk based on the backup digital certificate to obtain encrypted data; the data signing module is used for signing the encrypted data based on the local digital certificate to obtain signature data; the data decryption module is used for sending the encrypted data, the signature data and the local digital certificate to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result; and the key migration module is used for, when the decryption result is the same as the encrypted data, encrypting the key information to be migrated in the local encrypted solid state disk with the symmetric key and transmitting it to the backup encrypted solid state disk.
Through this process, the security and integrity of key migration can be ensured. When user data is copied and migrated between self-encrypting solid state disks, there is no need to decrypt and read out a large amount of ciphertext user data, encrypt it again for protected transmission, and then, on receipt, decrypt it, write it to the solid state disk and have the solid state disk encrypt it for storage; only the user data ciphertext needs to be copied and migrated directly, which saves a series of cumbersome encryption and decryption operations on a large amount of user data.
In a third aspect, the present invention provides a computer device comprising a memory and a processor that are communicatively connected to each other, wherein the memory stores computer instructions and the processor executes the computer instructions so as to perform the key migration method of the first aspect or any of its corresponding implementations.
In a fourth aspect, the present invention provides a computer-readable storage medium having stored thereon computer instructions for causing a computer to perform the key migration method of the first aspect or any one of its corresponding embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic illustration of an application environment of an embodiment of the present invention;
FIG. 2 is a flow chart of a key migration method according to an embodiment of the present invention;
FIG. 3 is a flow chart of another key migration method according to an embodiment of the present invention;
FIG. 4 is a flow chart of a key migration method according to an embodiment of the present invention;
FIG. 5 is a flow chart of a key migration method according to an embodiment of the present invention;
FIG. 6 is a data flow diagram of a key migration method of an embodiment of the present invention;
FIG. 7 is a block diagram showing the structure of a key migration apparatus according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a hardware structure of a computer device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms "first" and "second" in the description and claims of the invention and in the above-mentioned figures are used to distinguish between different objects, not to describe a particular sequential order. Furthermore, the term "include" and any variations thereof are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The term "plurality" in the present invention may mean at least two, for example, two, three or more, and embodiments of the present invention are not limited in this respect.
Referring to fig. 1, fig. 1 is a schematic diagram of an application environment provided in an embodiment of the present invention, where the schematic diagram includes a local device 100 that may include a display 101, a local host 102, and a local encrypted solid state disk 103. The local device 100 may be communicatively connected to the backup device 200 through the network 300, where the backup device 200 may be configured to provide services (e.g., backup services, etc.) for computing programs installed on clients, and the backup encrypted solid state disk 201 may be provided on the backup device 200 or independent of the backup device 200 for providing data storage services for the backup device 200. Further, a backup host 202 is provided in the backup apparatus 200, and the backup host 202 can be used to perform steps performed by the backup apparatus 200.
Alternatively, the local device 100 may be, but is not limited to, a terminal capable of computing data, such as a mobile terminal (e.g., a tablet computer), a notebook computer or a PC (Personal Computer). The network may include, but is not limited to, a wireless network or a wired network. The wireless network includes Bluetooth, WIFI (Wireless Fidelity) and other networks that enable wireless communication. The wired network may include, but is not limited to, a wide area network, a metropolitan area network, and a backup management server cluster. The backup device 200 may include, but is not limited to, any hardware device that can perform computation.
In addition, in this embodiment, the key migration method may be applied, but not limited to, to an independent processing device with a relatively high processing capability, without data interaction. For example, the processing device may be, but is not limited to, a more processing-capable terminal device, i.e., the various operations of the key migration method described above may be integrated into a single processing device. The above is merely an example, and is not limited in any way in the present embodiment.
Alternatively, in the present embodiment, the key migration method may be performed by the backup device 200, may be performed by the local device 100, or may be performed by both the backup device 200 and the local device 100. The key migration method performed by the local device 100 according to the embodiment of the present invention may also be performed by a client installed thereon.
In accordance with an embodiment of the present invention, a key migration method embodiment is provided, it being noted that the steps shown in the flowchart of the figures may be performed in a computer system, such as a set of computer executable instructions, and, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in an order other than that shown or described herein.
In this embodiment, a key migration method is provided, which may be used in the above local device, and fig. 2 is a flowchart of a key migration method according to an embodiment of the present invention, as shown in fig. 2, where the flowchart includes the following steps:
Step S201, a backup digital certificate of the backup encrypted solid state disk and a local digital certificate of the local encrypted solid state disk are obtained.
As described above, acquiring the backup digital certificate of the backup encrypted solid state disk and the local digital certificate of the local encrypted solid state disk makes it possible to determine, through mutual verification between the backup digital certificate and the local digital certificate, whether migration can be performed between the local encrypted solid state disk and the backup solid state disk.
In some optional embodiments, the local encrypted solid state disk and the backup encrypted solid state disk each generate a public-private key pair in response to a private command (which can be sent by the manufacturer before the solid state disk leaves the factory, or by a user). The local encrypted solid state disk generates a public-private key pair, for example a local public key and a local private key; the local private key is stored in the nonvolatile flash of the local encrypted solid state disk, and the local public key is sent to the local host. The backup encrypted solid state disk generates a public-private key pair, for example a backup public key and a backup private key; the backup private key is stored in the nonvolatile flash of the backup encrypted solid state disk, and the backup public key is sent to the backup host. The backup host then signs the backup public key with the backup target private key to generate the backup digital certificate, and stores the backup digital certificate and the backup target public key corresponding to the backup target private key in a target area; similarly, the local host signs the local public key with the local target private key to generate the local digital certificate, and stores the local digital certificate and the local target public key corresponding to the local target private key in the target area. When data migration, such as key migration, can be performed between the backup encrypted solid state disk and the local encrypted solid state disk, the backup target public key is the same as the local target public key, but the backup target private key and the local target private key may be generated based on each device's own device information and public key, i.e. the backup target private key and the local target private key may be different.
Step S202, the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup digital certificate, so as to obtain encrypted data.
As described above, the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup digital certificate, which ensures their security and resistance to forgery during transmission.
In some alternative embodiments, the backup digital certificate may first be verified based on the local digital certificate; when the backup digital certificate passes the verification, two random numbers of fixed byte length, randomly generated by the local encrypted solid state disk, are used as the symmetric key and the integrity authentication key respectively; and the symmetric key and the integrity authentication key are encrypted based on the backup digital certificate to obtain encrypted data. When the backup digital certificate does not pass the verification, the backup encrypted solid state disk sends a failure error code to inform the local encrypted solid state disk to resend the data, stop the migration, or perform other operations. Generating the random symmetric key provides a necessary condition for the encrypted migration of the key information to be migrated and further improves the reliability of that migration. Generating the integrity authentication key makes it convenient to check the integrity of the migrated key information.
Step S203, the encrypted data is signed based on the local digital certificate, and signature data is obtained.
As described above, the encrypted data is signed based on the local digital certificate to obtain the signature data, so that the backup encrypted solid state disk's decryption of the signature data can be checked for correctness.
In some alternative embodiments, the local encrypted solid state disk signs the encrypted data with the local private key corresponding to the local digital certificate to obtain the signature data.
Step S204, the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result.
As described above, the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk so that it decrypts the signature data based on the local digital certificate to obtain a decryption result, which makes it possible to check that the backup encrypted solid state disk decrypts the signature data correctly.
In some optional embodiments, the local encrypted solid state disk sends the encrypted data, the signature data and the local digital certificate to the backup host through the local host; the backup host forwards them to the backup encrypted solid state disk, and the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result.
Step S205, when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted with the symmetric key and then transmitted to the backup encrypted solid state disk.
As described above, when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted with the symmetric key and then transmitted to the backup encrypted solid state disk, which ensures the reliability of the migration of the key information.
In some optional embodiments, when the decryption result is the same as the encrypted data, the local encrypted solid state disk decrypts the stored ciphertext of the key information to be migrated to obtain the key information to be migrated, and organizes it in a fixed format, for example the following (this is only an example; the actual format may be modified according to the actual key attributes):
{ logical block address range 1, key length, key value used to encrypt and decrypt logical block address range 1, logical block address range 2, key length, key value used to encrypt and decrypt logical block address range 2, … }.
The organized data is encrypted with the symmetric key to obtain encrypted data. A length field is added in front of the encrypted data, and a hash operation using the integrity authentication key is then computed over the organized data to obtain the integrity authentication data. The following data is obtained: { size of the key information to be migrated encrypted with the symmetric key, encrypted key information to be migrated, integrity authentication data }.
The local encrypted solid state disk then sends this data to the backup encrypted solid state disk. The backup encrypted solid state disk uses the integrity authentication key obtained earlier to verify the integrity authentication data, which ensures integrity during data transmission. After the verification succeeds, it decrypts with the symmetric key to obtain the key information to be migrated. The backup solid state disk encrypts the migrated key information with its own key (backup public key or backup private key) and then stores it in nonvolatile memory.
In the key migration method provided by this embodiment, the backup digital certificate of the backup encrypted solid state disk and the local digital certificate of the local encrypted solid state disk are first obtained, so that mutual verification between the two certificates can determine whether migration can be performed between the local encrypted solid state disk and the backup solid state disk. The symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup digital certificate, which ensures their security and resistance to forgery during transmission. The encrypted data is signed based on the local digital certificate to obtain signature data, so that the backup encrypted solid state disk's decryption of the signature data can be checked for correctness. The encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result. When the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted with the symmetric key and then transmitted to the backup encrypted solid state disk, which ensures the reliability of the migration.
Therefore, the invention can ensure the security and the integrity of key migration. When user data is copied and migrated between self-encrypting solid state disks, there is no need to decrypt and read out a large amount of ciphertext user data, encrypt it again for protected transmission, and then, on receipt, decrypt it, write it to the solid state disk and have the solid state disk encrypt it for storage; only the user data ciphertext needs to be copied and migrated directly, which saves a series of cumbersome encryption and decryption operations on a large amount of user data.
In this embodiment, a key migration method is provided, which may be used in the above local device, and fig. 3 is a flowchart of the key migration method according to an embodiment of the present invention, as shown in fig. 3, where the flowchart includes the following steps:
Step S301, a backup digital certificate of the backup encrypted solid state disk and a local digital certificate of the local encrypted solid state disk are obtained.
For details, refer to step S201 in the embodiment shown in FIG. 2; they are not repeated here.
Step S302, the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup digital certificate, so as to obtain encrypted data.
Specifically, the step S302 includes:
Step S3021, the backup digital certificate is verified based on the local digital certificate.
As described above, the backup digital certificate is verified based on the local digital certificate, so as to determine whether an environment for performing data migration on key information to be migrated is provided between the local encrypted solid state disk and the backup encrypted solid state disk.
In some optional embodiments, when verifying the backup digital certificate based on the local digital certificate, the local target public key corresponding to the local digital certificate and the backup signature information carried in the backup digital certificate may be obtained first, where the backup signature information is obtained by signing the backup public key with the backup target private key in the backup encrypted solid state disk; and then verifying the backup signature information based on the local target public key, so that the backup digital certificate is verified based on the local digital certificate, and a judgment basis is provided for judging whether the key between the local encrypted solid state disk and the backup encrypted solid state disk can be normally migrated, namely, judging the legality of key migration.
In step S3022, when the backup digital certificate passes the verification, two fixed byte random numbers randomly generated by the local encrypted solid state disk are respectively used as the symmetric key and the integrity authentication key.
As described above, when the backup digital certificate passes the verification, two random numbers of fixed byte length, randomly generated by the local encrypted solid state disk, are used as the symmetric key and the integrity authentication key respectively. This provides a necessary condition for the encrypted migration of the key information to be migrated and further improves the reliability of that migration. Generating the integrity authentication key also makes it convenient to check the integrity of the migrated key information.
In some alternative embodiments, after the backup digital certificate passes the verification, the local encrypted solid state disk generates two random numbers of fixed byte length (the byte length is determined by the encryption and decryption algorithm used; if the SM4 algorithm is used, 16-byte random numbers are generated). One is used as the symmetric key to encrypt the key information to be migrated; the other is used as the integrity authentication key to authenticate the integrity of the transmitted data. The data is organized into the following format:
{ symmetric key length, symmetric key value, integrity authentication key length, integrity authentication key value }.
In step S3023, the symmetric key and the integrity authentication key are encrypted based on the backup data certificate to obtain encrypted data.
As described above, the symmetric key and the integrity authentication key are encrypted based on the backup data certificate to obtain encrypted data, so that the security and anti-counterfeiting of the symmetric key and the integrity authentication key in the transmission process are ensured.
In some alternative embodiments, the data { symmetric key length, symmetric key value, integrity authentication key length, integrity authentication key value } in the format described above is encrypted based on the backup public key carried in the backup data certificate, resulting in encrypted data.
Step S303, the encrypted data is signed based on the local digital certificate to obtain signature data.
For details, refer to step S203 in the embodiment shown in fig. 2; they are not repeated here.
Step S304, the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result.
For details, refer to step S204 in the embodiment shown in fig. 2; they are not repeated here.
Step S305, when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted by the symmetric key and then transmitted to the backup encrypted solid state disk.
For details, refer to step S205 in the embodiment shown in fig. 2; they are not repeated here.
According to the key migration method provided by the embodiment, firstly, the backup digital certificate of the backup encrypted solid state disk and the local digital certificate of the local encrypted solid state disk are obtained so as to judge whether migration between the local encrypted solid state disk and the backup solid state disk can be performed or not through mutual verification between the backup digital certificate and the local digital certificate; the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup data certificate, so that the security and anti-counterfeiting of the symmetric key and the integrity authentication key in the transmission process are ensured; the encrypted data is signed based on the local digital certificate to obtain signature data, so that the correctness of the backup encrypted solid state disk for decrypting the signature data is verified; the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts a decryption result from the signature data based on the local digital certificate, and verification of correctness of the backup encrypted solid state disk for decrypting the signature data is facilitated; and when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted by the symmetric key and then transmitted to the backup encrypted solid state disk, so that the reliability of the migration of the key information to be migrated is ensured. 
Therefore, the invention can ensure the security and integrity of key migration. When user data is copied and migrated between self-encrypting solid state disks, there is no need to decrypt and read out a large amount of ciphertext user data, re-encrypt it for protected transmission, and then, on receipt, decrypt it, write it to the solid state disk and have the disk encrypt and store it again. Only the ciphertext of the user data needs to be copied and migrated directly, which saves a series of cumbersome operations such as encrypting and decrypting a large amount of user data.
In this embodiment, a key migration method is provided, which may be used in the above local device, and fig. 4 is a flowchart of the key migration method according to an embodiment of the present invention, as shown in fig. 4, where the flowchart includes the following steps:
Step S401, a backup digital certificate of the backup encrypted solid state disk and a local digital certificate of the local encrypted solid state disk are obtained.
For details, refer to step S201 in the embodiment shown in fig. 2; they are not repeated here.
Step S402, the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup data certificate, so as to obtain encrypted data.
For details, refer to step S302 in the embodiment shown in fig. 3; they are not repeated here.
Step S403, the encrypted data is signed based on the local digital certificate, so as to obtain signature data.
For details, refer to step S203 in the embodiment shown in fig. 2; they are not repeated here.
Step S404, the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result.
Specifically, step S404 includes:
Step S4041, the local digital certificate is verified based on the backup digital certificate.
As described above, the local digital certificate is verified based on the backup digital certificate, so as to determine whether an environment for performing data migration on key information to be migrated exists between the local encrypted solid state disk and the backup encrypted solid state disk.
In some optional embodiments, when verifying the local digital certificate based on the backup digital certificate, the backup target public key corresponding to the backup digital certificate and the local signature information carried in the local digital certificate may be obtained first, where the local signature information is obtained by signing the local public key with the local target private key in the local encrypted solid state disk; the local signature information is then verified based on the backup target public key. In this way the local digital certificate is verified based on the backup digital certificate, which provides a basis for judging whether the key can be normally migrated between the local encrypted solid state disk and the backup encrypted solid state disk, that is, for judging the legality of the key migration.
Step S4042, when the local digital certificate passes the verification, decrypting the signature data based on the local digital certificate to obtain a decryption result.
As above, when the local digital certificate passes verification, the signature data is decrypted based on the local digital certificate, so that a decryption result is obtained, and the correctness of the backup encryption solid state disk for decrypting the signature data is conveniently verified.
In some alternative embodiments, the signature data may be decrypted based on a local public key in the local digital certificate, resulting in a decrypted result.
Step S405, when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted by the symmetric key and then transmitted to the backup encrypted solid state disk.
For details, refer to step S205 in the embodiment shown in fig. 2; they are not repeated here.
According to the key migration method provided by the embodiment, firstly, the backup digital certificate of the backup encrypted solid state disk and the local digital certificate of the local encrypted solid state disk are obtained so as to judge whether migration between the local encrypted solid state disk and the backup solid state disk can be performed or not through mutual verification between the backup digital certificate and the local digital certificate; the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup data certificate, so that the security and anti-counterfeiting of the symmetric key and the integrity authentication key in the transmission process are ensured; the encrypted data is signed based on the local digital certificate to obtain signature data, so that the correctness of the backup encrypted solid state disk for decrypting the signature data is verified; the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts a decryption result from the signature data based on the local digital certificate, and verification of correctness of the backup encrypted solid state disk for decrypting the signature data is facilitated; and when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted by the symmetric key and then transmitted to the backup encrypted solid state disk, so that the reliability of the migration of the key information to be migrated is ensured. 
Therefore, the invention can ensure the security and integrity of key migration. When user data is copied and migrated between self-encrypting solid state disks, there is no need to decrypt and read out a large amount of ciphertext user data, re-encrypt it for protected transmission, and then, on receipt, decrypt it, write it to the solid state disk and have the disk encrypt and store it again. Only the ciphertext of the user data needs to be copied and migrated directly, which saves a series of cumbersome operations such as encrypting and decrypting a large amount of user data.
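The exchange in steps S3022 to S3023 and S303 (local disk) and step S4042 (backup disk), as an added example that is not part of the patent text. It assumes each side has already verified the peer's certificate and holds the peer's public key, uses RSA-OAEP and RSA signatures from the Go standard library in place of the page's unnamed public-key algorithm, treats "decrypt the signature data and compare with the encrypted data" as ordinary signature verification, and assumes one-byte length fields; all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

// packKeys builds {symmetric key length, symmetric key value, integrity key
// length, integrity key value}. One-byte length fields are an assumption.
func packKeys(sym, mac []byte) []byte {
	out := append([]byte{byte(len(sym))}, sym...)
	return append(append(out, byte(len(mac))), mac...)
}

// unpackKeys rejects truncated input and trailing bytes instead of guessing.
func unpackKeys(b []byte) ([]byte, []byte, error) {
	if len(b) < 1 || len(b) < 2+int(b[0]) {
		return nil, nil, errors.New("truncated symmetric key field")
	}
	n := 1 + int(b[0])
	if len(b) != n+1+int(b[n]) {
		return nil, nil, errors.New("bad integrity key field")
	}
	return b[1:n], b[n+1:], nil
}

// localWrap is the local disk's side: draw two 16-byte random keys, encrypt the
// packed pair to the backup public key, then sign the encrypted data.
func localWrap(backupPub *rsa.PublicKey, localPriv *rsa.PrivateKey) (sym, mac, enc, sig []byte, err error) {
	keys := make([]byte, 32)
	if _, err = rand.Read(keys); err != nil {
		return nil, nil, nil, nil, err
	}
	sym, mac = keys[:16:16], keys[16:]
	enc, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, backupPub, packKeys(sym, mac), nil)
	if err != nil {
		return nil, nil, nil, nil, err
	}
	sig, err = sign(localPriv, enc)
	return sym, mac, enc, sig, err
}

// backupUnwrap is the backup disk's side: check the signature over the encrypted
// data first, and only then decrypt and parse the two keys.
func backupUnwrap(localPub *rsa.PublicKey, backupPriv *rsa.PrivateKey, enc, sig []byte) ([]byte, []byte, error) {
	if err := verify(localPub, enc, sig); err != nil {
		return nil, nil, fmt.Errorf("signature data rejected: %w", err)
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, backupPriv, enc, nil)
	if err != nil {
		return nil, nil, err
	}
	return unpackKeys(plain)
}

// demo runs the exchange with constructed keys. It reports whether the backup
// recovered both keys, and whether altered data and a wrong signer are rejected.
func demo() (recovered, tamperRejected, signerRejected bool, err error) {
	var k [3]*rsa.PrivateKey // local, backup, unrelated third party
	for i := range k {
		if k[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return
		}
	}
	sym, mac, enc, sig, err := localWrap(&k[1].PublicKey, k[0])
	if err != nil {
		return
	}
	s2, m2, err := backupUnwrap(&k[0].PublicKey, k[1], enc, sig)
	recovered = err == nil && bytes.Equal(sym, s2) && bytes.Equal(mac, m2)
	_, _, err = backupUnwrap(&k[2].PublicKey, k[1], enc, sig) // signer is not the local disk
	signerRejected = err != nil
	enc[0] ^= 1 // constructed tampering in transit
	_, _, err = backupUnwrap(&k[0].PublicKey, k[1], enc, sig)
	tamperRejected = err != nil
	return recovered, tamperRejected, signerRejected, nil
}

func main() { fmt.Println(demo()) }
```

Because the signature covers the encrypted data, the backup disk can reject a modified or misattributed message without ever using its private key on it.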
In this embodiment, a key migration method is provided, which may be used in the above local device, and fig. 5 is a flowchart of the key migration method according to an embodiment of the present invention, as shown in fig. 5, where the flowchart includes the following steps:
Step S501, a backup digital certificate of the backup encrypted solid state disk and a local digital certificate of the local encrypted solid state disk are obtained.
For details, refer to step S201 in the embodiment shown in fig. 2; they are not repeated here.
Step S502, the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup data certificate, so as to obtain encrypted data.
For details, refer to step S302 in the embodiment shown in fig. 3; they are not repeated here.
Step S503, the encrypted data is signed based on the local digital certificate, so as to obtain signature data.
For details, refer to step S203 in the embodiment shown in fig. 2; they are not repeated here.
Step S504, the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts the signature data based on the local digital certificate to obtain a decryption result.
For details, refer to step S404 in the embodiment shown in fig. 4; they are not repeated here.
Step S505, when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted by the symmetric key and then transmitted to the backup encrypted solid state disk.
Specifically, step S505 includes:
Step S5051, the decryption symmetric key and the decryption integrity authentication key in the decryption result are obtained.
As described above, by acquiring the decryption symmetric key and the decryption integrity authentication key in the decryption result, a necessary condition is provided for the correctness judgment of the decryption result.
In step S5052, the decryption integrity authentication key is encrypted by the decryption symmetric key to obtain integrity authentication data.
As described above, the decryption symmetric key is used to encrypt the decryption integrity authentication key to obtain the integrity authentication data, so as to ensure the security of the transmission of the integrity authentication data, and facilitate the judgment of the correctness of the decryption result.
Step S5053, decrypting the integrity authentication data based on the symmetric key to obtain a decrypted integrity authentication key.
As described above, the decrypted integrity authentication key is obtained by decrypting the integrity authentication data based on the symmetric key, so as to facilitate the comparison of the decrypted integrity authentication key with the integrity authentication key.
In step S5054, the integrity authentication key is compared with the decryption integrity authentication key, and the decryption result is determined to be the same as the encrypted data based on the comparison result.
As above, the integrity authentication key is compared with the decryption integrity authentication key, so that whether the decryption result is identical to the encrypted data can be determined based on the comparison result.
In some optional embodiments, to determine based on the comparison result that the decryption result is the same as the encrypted data, a first key value corresponding to the integrity authentication key may be obtained first; the content defined by the decryption integrity authentication key is then computed to obtain a second key value, and the second key value is compared with the first key value; if the second key value is the same as the first key value, the decryption result is determined to be the same as the encrypted data.
Specifically, the content defined by the integrity authentication key is computed through a hash operation to obtain the first key value; a hash calculation is performed on the content defined by the decryption integrity authentication key to obtain the second key value, and the second key value is compared with the first key value; if the second key value is the same as the first key value, the decryption result is determined to be the same as the encrypted data.
In some optional embodiments, to determine based on the comparison result that the decryption result is the same as the encrypted data, a first character value of each character in the integrity authentication key may be obtained first, giving a first character set; a second character value of each character in the content defined by the decryption integrity authentication key is obtained, giving a second character set; each second character value in the second character set is then compared with the first character value at the corresponding position in the first character set; if the second character values are the same as the first character values, the decryption result is determined to be the same as the encrypted data.
According to the key migration method provided by the embodiment, firstly, the backup digital certificate of the backup encrypted solid state disk and the local digital certificate of the local encrypted solid state disk are obtained so as to judge whether migration between the local encrypted solid state disk and the backup solid state disk can be performed or not through mutual verification between the backup digital certificate and the local digital certificate; the symmetric key and the integrity authentication key generated by the local encrypted solid state disk are encrypted based on the backup data certificate, so that the security and anti-counterfeiting of the symmetric key and the integrity authentication key in the transmission process are ensured; the encrypted data is signed based on the local digital certificate to obtain signature data, so that the correctness of the backup encrypted solid state disk for decrypting the signature data is verified; the encrypted data, the signature data and the local digital certificate are sent to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts a decryption result from the signature data based on the local digital certificate, and verification of correctness of the backup encrypted solid state disk for decrypting the signature data is facilitated; and when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is encrypted by the symmetric key and then transmitted to the backup encrypted solid state disk, so that the reliability of the migration of the key information to be migrated is ensured. 
Therefore, the invention can ensure the security and integrity of key migration. When user data is copied and migrated between self-encrypting solid state disks, there is no need to decrypt and read out a large amount of ciphertext user data, re-encrypt it for protected transmission, and then, on receipt, decrypt it, write it to the solid state disk and have the disk encrypt and store it again. Only the ciphertext of the user data needs to be copied and migrated directly, which saves a series of cumbersome operations such as encrypting and decrypting a large amount of user data.
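The confirmation in steps S5051 to S5054, followed by the encrypted transfer of step S505, as an added example that is not part of the patent text. It substitutes AES-128-GCM for SM4 (both take a 16-byte key), compares the keys in constant time rather than by hash or character by character, and uses hypothetical function names and constructed keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// seal encrypts plain under key and prepends the random nonce to the output.
func seal(key, plain []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// open reverses seal and fails if the key is wrong or the data was altered.
func open(key, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("short ciphertext")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

// backupProof is S5052: the backup disk encrypts the integrity authentication
// key it recovered under the symmetric key it recovered.
func backupProof(gotSym, gotMac []byte) ([]byte, error) { return seal(gotSym, gotMac) }

// localConfirm is S5053 and S5054: the local disk decrypts the proof with its own
// symmetric key and compares the result with its own integrity authentication key.
func localConfirm(sym, mac, proof []byte) bool {
	got, err := open(sym, proof)
	return err == nil && subtle.ConstantTimeCompare(got, mac) == 1
}

// migrate is S505: the key information leaves the local disk, encrypted by the
// symmetric key, only after the confirmation succeeded.
func migrate(sym, mac, proof, keyInfo []byte) ([]byte, error) {
	if !localConfirm(sym, mac, proof) {
		return nil, errors.New("key confirmation failed, migration refused")
	}
	return seal(sym, keyInfo)
}

func main() {
	// Constructed 16-byte keys standing in for the two random numbers.
	sym, mac := []byte("0123456789abcdef"), []byte("fedcba9876543210")
	proof, err := backupProof(sym, mac)
	if err != nil {
		panic(err)
	}
	fmt.Println("confirmed:", localConfirm(sym, mac, proof))
}
```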
In some optional embodiments, the data interaction process between the local encrypted solid state disk and the backup encrypted solid state disk is shown in fig. 6. First, the local encrypted solid state disk and the backup encrypted solid state disk are each made to generate a public-private key pair based on private commands (which can be sent by the manufacturer before the solid state disk leaves the factory, or by the user): the local encrypted solid state disk generates a public-private key pair (such as a local public key and a local private key, where the local private key is stored in the non-volatile flash of the local encrypted solid state disk and the local public key is sent to the local host); the backup encrypted solid state disk generates a public-private key pair (such as a backup public key and a backup private key, where the backup private key is stored in the non-volatile flash of the backup encrypted solid state disk and the backup public key is sent to the backup host). Then, the backup host signs the backup public key with the backup target private key to generate a backup digital certificate, and stores the backup digital certificate and the backup target public key corresponding to the backup target private key in a target area; similarly, the local host signs the local public key with the local target private key to generate a local digital certificate, and stores the local digital certificate and the local target public key corresponding to the local target private key in the target area. When data migration, such as key migration, can be performed between the backup encrypted solid state disk and the local encrypted solid state disk, the backup target public key is the same as the local target public key, but the backup target private key and the local target private key may each be generated based on the device's own device information and public key, that is, the backup target private key and the local target private key may be different.
Further, verifying the backup digital certificate based on the local digital certificate; when the backup digital certificate passes the verification, two fixed byte random numbers randomly generated by the local encryption solid state disk are respectively used as a symmetric key and an integrity authentication key; and encrypting the symmetric key and the integrity authentication key based on the backup data certificate to obtain encrypted data. The local encryption solid state disk signs the encrypted data based on a local private key of the local digital certificate to obtain signature data.
Further, the local encrypted solid state disk sends the encrypted data, the signature data and the local digital certificate to the backup host through the local host, so that the backup host forwards the encrypted data, the signature data and the local digital certificate to the backup encrypted solid state disk, and the backup encrypted solid state disk decrypts the signature data based on the local digital certificate, thereby obtaining a decryption result. And when the decryption result is the same as the encrypted data, the key information to be migrated in the local encrypted solid state disk is transmitted to the backup encrypted solid state disk after being encrypted by the symmetric key, so that the reliability of the migration of the key information to be migrated is ensured.
The embodiment also provides a key migration device, which is used to implement the foregoing embodiments and preferred embodiments; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
The present embodiment provides a key migration apparatus, as shown in fig. 7, including:
the certificate acquisition module 701 is configured to acquire a backup digital certificate of a backup encrypted solid state disk and a local digital certificate of a local encrypted solid state disk;
the key encryption module 702 is configured to encrypt a symmetric key and an integrity authentication key generated by the local encrypted solid state disk based on the backup data certificate, so as to obtain encrypted data;
a data signing module 703, configured to sign the encrypted data based on the local digital certificate, to obtain signed data;
the data decryption module 704 is configured to send the encrypted data, the signature data, and the local digital certificate to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts a decryption result from the signature data based on the local digital certificate;
and the key migration module 705 is configured to encrypt the key information to be migrated in the local encrypted solid state disk with the symmetric key and then transmit the encrypted key information to the backup encrypted solid state disk when the decryption result is the same as the encrypted data.
In some alternative embodiments, the key encryption module 702 includes:
the first verification unit is used for verifying the backup digital certificate based on the local digital certificate;
The key generation unit is used for taking two fixed byte random numbers randomly generated by the local encryption solid state disk as a symmetric key and an integrity authentication key respectively when the backup digital certificate passes verification;
and the key encryption unit is used for encrypting the symmetric key and the integrity authentication key based on the backup data certificate to obtain encrypted data.
In some alternative embodiments, the first verification unit includes:
the first information acquisition subunit is used for acquiring a local target public key corresponding to the local digital certificate and backup signature information carried in the backup digital certificate, wherein the backup signature information is obtained by signing the backup public key by a backup target private key in the backup encrypted solid state disk;
and the first signing checking subunit is used for checking signing of the backup signature information based on the local target public key.
In some alternative embodiments, the data decryption module 704 includes:
the second verification unit is used for verifying the local digital certificate based on the backup digital certificate;
and the data decryption unit is used for decrypting the signature data based on the local digital certificate to obtain a decryption result when the local digital certificate passes the verification.
In some alternative embodiments, the second verification unit includes:
The second information acquisition subunit is used for acquiring a backup target public key corresponding to the backup digital certificate and local signature information carried in the local digital certificate, wherein the local signature information is obtained by signing the local public key by the local target private key in the local encrypted solid state disk;
and the second signing checking subunit is used for checking the local signature information based on the backup target public key.
In some alternative embodiments, the key migration module 705 includes:
the key decryption unit is used for obtaining a decryption symmetric key and a decryption integrity authentication key in the decryption result;
the key encryption unit is used for encrypting the decryption integrity authentication key through the decryption symmetric key to obtain integrity authentication data;
the data decryption unit is used for decrypting the integrity authentication data based on the symmetric key to obtain a decryption integrity authentication key;
and the key comparison unit is used for comparing the decryption integrity authentication key with the integrity authentication key, and determining that the decryption result is identical with the encrypted data based on the comparison result.
In some alternative embodiments, the key comparison unit includes:
a key value obtaining subunit, configured to obtain a first key value corresponding to the integrity authentication key;
The key value calculating subunit is used for calculating the content defined by the decryption integrity authentication key to obtain a second key value, and comparing the second key value with the first key value;
and the decryption result determining subunit is used for determining that the decryption result is identical to the encrypted data if the second key value is identical to the first key value.
Further functional descriptions of the above respective modules and units are the same as those of the above corresponding embodiments, and are not repeated here.
The key migration apparatus in this embodiment is presented in the form of a functional unit, where a unit refers to an ASIC (application specific integrated circuit) circuit, a processor and a memory that execute one or more software or fixed programs, and/or other devices that can provide the above functions.
The embodiment of the invention also provides computer equipment, which is provided with the key migration device shown in the figure 7.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a computer device according to an alternative embodiment of the present invention. As shown in fig. 8, the computer device includes: one or more processors 10, memory 20, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are communicatively coupled to each other using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions executing within the computer device, including instructions stored in or on memory to display graphical information of the GUI on an external input/output device, such as a display device coupled to the interface. In some alternative embodiments, multiple processors and/or multiple buses may be used, if desired, along with multiple memories. Also, multiple computer devices may be connected, each providing a portion of the necessary operations (e.g., as a storage server array, a set of blade storage servers, or a multiprocessor system). One processor 10 is illustrated in fig. 8.
The processor 10 may be a central processor, a network processor, or a combination thereof. The processor 10 may further include a hardware chip, among others. The hardware chip may be an application specific integrated circuit, a programmable logic device, or a combination thereof. The programmable logic device may be a complex programmable logic device, a field programmable gate array, a general-purpose array logic, or any combination thereof.
Wherein the memory 20 stores instructions executable by the at least one processor 10 to cause the at least one processor 10 to perform a method for implementing the embodiments described above.
The memory 20 may include a storage program area that may store an operating system, at least one application program required for functions, and a storage data area; the storage data area may store data created from the use of the computer device of the presentation of a sort of applet landing page, and the like. In addition, the memory 20 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some alternative embodiments, memory 20 may optionally include memory located remotely from processor 10, which may be connected to the computer device via a network. Examples of such networks include, but are not limited to, the internet, intranets, server clusters, mobile communication networks, and combinations thereof.
Memory 20 may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as flash memory, hard disk, or solid state disk; the memory 20 may also comprise a combination of the above types of memories.
The computer device also includes a communication interface 30 for the computer device to communicate with other devices or communication networks.
The embodiments of the present invention also provide a computer-readable storage medium. The method according to the embodiments of the present invention described above may be implemented in hardware or firmware, or as computer code that can be recorded on a storage medium, or as computer code originally stored on a remote storage medium or a non-transitory machine-readable storage medium, downloaded through a network and stored on a local storage medium, so that the method described herein can be processed by such software stored on a storage medium using a general-purpose computer, a special-purpose processor, or programmable or special-purpose hardware. The storage medium can be a magnetic disk, an optical disk, a read-only memory, a random access memory, a flash memory, a hard disk, a solid state disk or the like; further, the storage medium may also comprise a combination of memories of the kinds described above. It will be appreciated that a computer, processor, microprocessor controller or programmable hardware includes a storage element that can store or receive software or computer code that, when accessed and executed by the computer, processor or hardware, implements the methods illustrated by the above embodiments.
Although embodiments of the present invention have been described in connection with the accompanying drawings, various modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope of the invention as defined by the appended claims.

Claims (10)

1. A key migration method, the method comprising:
acquiring a backup digital certificate of a backup encrypted solid state disk and a local digital certificate of a local encrypted solid state disk;
encrypting a symmetric key and an integrity authentication key generated by the local encrypted solid state disk based on the backup digital certificate to obtain encrypted data;
signing the encrypted data based on the local digital certificate to obtain signature data;
sending the encrypted data, the signature data and the local digital certificate to the backup encrypted solid state disk, so that the backup encrypted solid state disk decrypts a decryption result from the signature data based on the local digital certificate;
and when the decryption result is the same as the encrypted data, transmitting the key information to be migrated in the local encrypted solid state disk to the backup encrypted solid state disk after the key information to be migrated is encrypted by the symmetric key.
2. The method of claim 1, wherein encrypting the symmetric key and the integrity authentication key generated by the local encrypted solid state disk based on the backup digital certificate to obtain encrypted data comprises:
verifying the backup digital certificate based on the local digital certificate;
when the backup digital certificate passes verification, using two fixed-byte random numbers randomly generated by the local encrypted solid state disk as the symmetric key and the integrity authentication key, respectively;
and encrypting the symmetric key and the integrity authentication key based on the backup digital certificate to obtain the encrypted data.
3. The method of claim 1, wherein decrypting the decryption result from the signature data based on the local digital certificate comprises:
verifying the local digital certificate based on the backup digital certificate;
and when the local digital certificate passes the verification, decrypting the signature data based on the local digital certificate to obtain the decryption result.
4. The method of claim 3, wherein determining that the decryption result is the same as the encrypted data comprises:
obtaining a decryption symmetric key and a decryption integrity authentication key in the decryption result;
encrypting the decryption integrity authentication key through the decryption symmetric key to obtain integrity authentication data;
decrypting the integrity authentication data based on the symmetric key to obtain a decrypted integrity authentication key;
and comparing the decryption integrity authentication key with the integrity authentication key, and determining that the decryption result is identical to the encrypted data based on a comparison result.
5. The method of claim 4, wherein determining that the decryption result is the same as the encrypted data based on the comparison result comprises:
acquiring a first key value corresponding to the integrity authentication key;
calculating the content limited by the decryption integrity authentication key to obtain a second key value, and comparing the second key value with the first key value;
and if the second key value is the same as the first key value, determining that the decryption result is the same as the encrypted data.
6. The method of claim 2, wherein verifying the backup digital certificate based on the local digital certificate comprises:
acquiring a local target public key corresponding to the local digital certificate and backup signature information carried in the backup digital certificate, wherein the backup signature information is obtained by signing a backup public key by a backup target private key in the backup encrypted solid state disk;
and signing the backup signature information based on the local target public key.
7. The method of claim 3, wherein verifying the local digital certificate based on the backup digital certificate comprises:
acquiring a backup target public key corresponding to the backup digital certificate and local signature information carried in the local digital certificate, wherein the local signature information is obtained by signing a local public key by a local target public key in the local encrypted solid-state disk;
and checking the local signature information based on the backup target public key.
8. A key migration apparatus, the apparatus comprising:
the certificate acquisition module is used for acquiring a backup digital certificate of the backup encrypted solid state disk and a local digital certificate of the local encrypted solid state disk;
the key encryption module is used for encrypting a symmetric key and an integrity authentication key generated by the local encrypted solid state disk based on the backup digital certificate to obtain encrypted data;
the data signing module is used for signing the encrypted data based on the local digital certificate to obtain signature data;
the data decryption module is used for sending the encrypted data, the signature data and the local digital certificate to the backup encrypted solid state disk so that the backup encrypted solid state disk decrypts a decryption result from the signature data based on the local digital certificate;
and the key migration module is used for, when the decryption result is the same as the encrypted data, transmitting the key information to be migrated in the local encrypted solid state disk to the backup encrypted solid state disk after the key information to be migrated is encrypted by the symmetric key.
9. A computer device, comprising:
a memory and a processor in communication with each other, the memory having stored therein computer instructions which, upon execution, cause the processor to perform the method of any of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
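The exchange recited in claims 1 to 3, with both drives' sides, as an added Node.js example that is not part of the patent or the applicant's implementation. Assumptions: each certificate is a drive public key signed by one shared root key, RSA-OAEP and RSA/SHA-256 stand in for the unspecified algorithms, "decrypting the signature and comparing with the encrypted data" is modelled as signature verification, and the HMAC under the integrity authentication key is an assumed use of that key; all function names are hypothetical.

```javascript
const { generateKeyPairSync, sign, verify, publicEncrypt, privateDecrypt,
  randomBytes, createCipheriv, createDecipheriv, createHmac,
  timingSafeEqual } = require('node:crypto');

// Assumed certificate model: one shared root key signs each drive's public key.
const vendorRoot = generateKeyPairSync('rsa', { modulusLength: 2048 });
function makeDrive() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const publicPem = publicKey.export({ type: 'spki', format: 'pem' });
  const signature = sign('sha256', Buffer.from(publicPem), vendorRoot.privateKey);
  return { privateKey, cert: { publicPem, signature } };
}
const certOk = (cert) =>
  verify('sha256', Buffer.from(cert.publicPem), vendorRoot.publicKey, cert.signature);

// Local drive (claims 1-2): check backup cert, make both keys, encrypt, then sign.
function localOffer(local, backupCert) {
  if (!certOk(backupCert)) throw new Error('backup certificate rejected');
  const symKey = randomBytes(32); // symmetric key
  const macKey = randomBytes(32); // integrity authentication key
  const encrypted = publicEncrypt({ key: backupCert.publicPem, oaepHash: 'sha256' },
    Buffer.concat([symKey, macKey]));
  const signature = sign('sha256', encrypted, local.privateKey);
  return { symKey, macKey, message: { encrypted, signature, cert: local.cert } };
}

// Backup drive (claim 3): check local cert and signature before decrypting anything.
function backupAccept(backup, { encrypted, signature, cert }) {
  if (!certOk(cert)) throw new Error('local certificate rejected');
  if (!verify('sha256', encrypted, cert.publicPem, signature))
    throw new Error('signature does not match encrypted data');
  const keys = privateDecrypt({ key: backup.privateKey, oaepHash: 'sha256' }, encrypted);
  return { symKey: keys.subarray(0, 32), macKey: keys.subarray(32, 64) };
}

// Migration payload: encrypted with the symmetric key; HMAC use is an assumption.
function wrap({ symKey, macKey }, keyInfo) {
  const iv = randomBytes(16);
  const c = createCipheriv('aes-256-ctr', symKey, iv);
  const body = Buffer.concat([iv, c.update(keyInfo), c.final()]);
  return { body, tag: createHmac('sha256', macKey).update(body).digest() };
}
function unwrap({ symKey, macKey }, { body, tag }) {
  const expected = createHmac('sha256', macKey).update(body).digest();
  if (!timingSafeEqual(expected, tag)) throw new Error('integrity check failed');
  const d = createDecipheriv('aes-256-ctr', symKey, body.subarray(0, 16));
  return Buffer.concat([d.update(body.subarray(16)), d.final()]);
}
```

Because the signature covers the ciphertext, the backup drive rejects a modified or substituted key blob before its private key ever touches it.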

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311166850.4A CN117220859A (en) 2023-09-11 2023-09-11 Key migration method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117220859A true CN117220859A (en) 2023-12-12

Family

ID=89034715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311166850.4A Pending CN117220859A (en) 2023-09-11 2023-09-11 Key migration method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117220859A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination